And I thought it was bad enough when Saudi Arabia and India were pressing Research in Motion hard about making their technology available to be able to spy on people, now this is an issue in the US? WTF?

Their encryption is a good thing and used as a compettive advantage over other service providers. Now governments around the world including our own are once again messing with the free market under the guise of freedom from terror. It was bad enough when the Bush Admin did it. Now the Obama Admin is not only continuing those freedom eroding policies but expanding them.

I could go on about all the privacy implications, net neutrality, and more, but I'll spare all of you my rants... for now. Maybe I should turn this into a talk/article. This kind of stuff really gets me.

The Obama administration is developing plans that would require all Internet-based communication services -- such as encrypted BlackBerry e-mail, Facebook, and Skype -- to be capable of complying with federal wiretap orders, according to a report published Monday.

National security officials and federal law enforcement argue their ability to eavesdrop on terror suspects is increasingly "going dark," The New York Times reported, as more communication takes place via Internet services, rather than by traditional telephone.

The bill, which the White House plans to deliver to Congress next year, would require communication service providers be technically capable of intercepting and decrypting messages, raising serious privacy concerns, the Times said.

The proposal has "huge implications" and poses a test to the "fundamental elements of the Internet revolution," vice president of the Center for Democracy and Technology, James Dempsey, told the Times.

"They basically want to turn back the clock and make Internet services function the way that the telephone system used to function," he was quoted as saying.

Officials contend, however, that without new regulations their ability to prevent attacks could be hindered.

"We're not talking expanding authority," FBI general counsel Valerie Caproni told the Times. "We're talking about preserving our ability to execute our existing authority in order to protect the public safety and national security."

Internet and phone networks are already required to have eavesdropping abilities thanks to a 1994 law called the Communications Assistance to Law Enforcement Act, but the mandate does not apply to communication service providers -- like Research in Motion, maker of BlackBerry devices.

RIM has recently been working to resolve disputes with India, the United Arab Emirates and other countries to avert threats to ban BlackBerry services. The countries complained that BlackBerry e-mail encryption posed a national-security risk. India postponed a ban for at least two months after RIM agreed to give security officials "lawful access" to data.

"We've made it clear that we are respectful of government needs and fully cooperating to comply with lawful requirements on an industry standard basis, but we cannot compromise the security architecture of the BlackBerry enterprise solution," RIM co-CEO Jim Balsillie said Thursday, reiterating the company's previous stance.

Balsillie said RIM "simply has no ability to read the encrypted information and that it has no master key or back door key to allow access."

Encryption should be standard. Email should automatically encrypt itself with Public/Private keys that are transparent to the user and decrypt on the receiver side if the keys are known. This would cut down on the spam that is received because after everyone is doing it any unencrypted email is automatically bounced or trashed by the email server. Doing this universally would save money (less email virus' and spam - less overhead and bandwidth for the servers to deal with) and be easier for the users if it was transparent and just part of the sending process.

Open source encryption (PGP) has been around a long time. Everyone (but the governments) loves the ability to send mom's secret apple pie recipes and other things to each other without anyone reading the mail (or hearing the conversation). If the spies are so inept that they need a back door and a vacuum cleaner to scoop up the data, it is time to get better spies.

"The Obama administration is developing plans that would require all Internet-based communication services -- such as encrypted BlackBerry e-mail, Facebook, and Skype -- to be capable of complying with federal wiretap orders, according to a report published Monday."

So what. Honestly, if one has nothing to hide, one need not worry really. The reality of this is that no matter WHAT is said via government, how do they propose to enforce this. They'd have to outright ban encryption. Let's look at what's said: The Obama administration is developing plans that would require all Internet-based communication services -- such as encrypted BlackBerry e-mail, Facebook, and Skype -- to be capable of complying with federal wiretap orders, according to a report published Monday.

So my provider can tap my phone. Doesn't stop me from inventing my own language or slang. The communications provider did their job. I modified my needs to fit what I needed to do, communicate securely.

This is where government will always fail. They can pass this law and unbeknownst to many, most communications providers have to meet this anyway via way of CALEA, so its nothing new. I wonder what the administration intends on doing when the following occurs:

Evil person using cash goes to Times Square NYC and purchases a cellular with cash. While en-route to Chicago, evil person stops in Jersey and picks up three calling cards. He uses those calling cards to call a VoIP provider number from a VoIP shop in Poland. Places threatening calls and makes rogue plans...

So - the government can hear the call sure. Who cares?

Week one1) The government needs to get all the paperwork in order and hopes that when delivered to their attaches in Canada, the Canadian government complies.

Weeks one through two2) After getting the records from the Canadian provider, they trace the call as coming from a calling card. They need to discover who owns the DID and who sells the calling card. Investigation + More subpoenas

Weeks two through three3) After discovering the Acme Payphone Card distributed the PIN code and numbers, they trace the call as originating from a phone that was sold in batches to a NYC store. Investigation + more subpoenas

Weeks three through four4) After getting subpoenas for sales records at this NYC store, they determine that the buyer paid in cash and there is no record available. No cameras at the store so they can't identify the person(s)

Four weeks is peanuts. The reality is, situations like this lead to dead ends. Consider the following, I compromise a host in Germany. I use the German machine to compromise a host in China. I use the Chinese machine to compromise a VoIP account in the US. I use the compromised VoIP account to forward calls. I buy a few calling cards and daisy chain them through a cellular I bought off say Craigslist. The cellular was stolen, I needed it for one task.

--- Not going to stop criminals intent on doing something.

Might find cheaters, might find people who've made mistakes, but the people they're targeting this towards (terrorists, really evil people) are oblivious to this and won't care at the end of the day. It's easier to skate around with other technology (crypto + stego) than it is to say: "I think I'll use my Blackberry for Jihad!" Terrorist and truly evil/wicked individuals aren't dumb shmoes.

You are right sil. And if people start saying sentenses, like in France during WWII: "The bus will pass at 10:25am", "There are three birds in the sky" or "The sun is warm today". This form of ofuscation can't be detected...

Terrorist and truly evil/wicked individuals aren't dumb shmoes.

Is it me or most people/organization think that their ennemies/opponents are very dumb? The evil masterminds most have a lot of fun!

In my opinion, it seems like this is really bad policy that will do little in tracking down major threats to National Security. Sure, the Feds will intercept a few a few solid pieces of intelligence, but I doubt the policy will have a lasting impact on National Security.If you ask me, I think potential National Security threats would communicate via stenography, book ciphers, and possibly number stations (no, I don't wear a foil hat). Methods might be improved or modified, and new technology or methods would emerge. Also, I wouldn't be surprised to see new email providers pop up that provide confidential and privacy protected email communication (much like PRQ's "refugee hosting").

You are right sil. And if people start saying sentenses, like in France during WWII: "The bus will pass at 10:25am", "There are three birds in the sky" or "The sun is warm today". This form of ofuscation can't be detected...

Terrorist and truly evil/wicked individuals aren't dumb shmoes.

Is it me or most people/organization think that their ennemies/opponents are very dumb? The evil masterminds most have a lot of fun!

It is said that Rhyming Cockney was developed for similar reasons. I'm sure there are other examples, but I'm with sil and H1t on this. The Feds will see the same old tricks again.

Last edited by mallaigh on Fri Dec 10, 2010 5:19 pm, edited 1 time in total.

I want to note that the government cannot even be trusted to use the powers that in already has, within the scope of the law. It has been repeated been found to abuse the powers given to it. Therefore, it would be difficult for me to support such an action without significant public interaction of this issue.

I for one forsee the second that law passes, that terror networks go deeper underground. We are making it more difficult for ourselves.